The Cryptolocker Virus and its variants are awesome…from a design standpoint they really blow our minds. They suck, don’t get me wrong, but they are brilliantly designed, hyper anonymous, and they seem foolproof and unstoppable. They’ve now been tailored to attack businesses, because businesses have both the capability and the need to pay the ransoms.

What is a Cryptolocker? The Cryptolocker virus and its subsequent variations are viruses (or more accurately “ransomware”) that silently execute on a user’s workstation. While running, they search the network for any open file shares on servers (and workstations). They then take every MS Office, OpenOffice, Adobe, and AutoCAD file and encrypt it so that it is unreadable to everyone. Once they are done, they prompt the user: “All of your files are now encrypted. If you want them back, pay us a ransom.” If you pay the ransom, you get your files back (in all cases we’ve seen so far). If you don’t, you’d better have good backups, or you’d better not need any of your old files, because they are gone!
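One defender-side check that follows from this description: the file types named above each start with well-known bytes, so a share can be audited for documents whose contents no longer match their extension. This is an added example, not code from the original post; the signatures are the standard ones, while the 20% alert threshold and the sample share contents are constructed assumptions.

```python
import math
from collections import Counter

# Leading bytes each family should start with: DOCX/XLSX/PPTX and ODT/ODS are ZIP
# containers, legacy .doc/.xls are OLE2, PDFs start with "%PDF", .dwg with "AC10".
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".odt": b"PK\x03\x04", ".ods": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
    ".pdf": b"%PDF", ".dwg": b"AC10",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: real documents sit well below 8.0, ciphertext close to it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(name: str, head: bytes) -> str:
    """'ok', 'bad-magic' (extension says document, bytes disagree) or 'unwatched'."""
    dot = name.rfind(".")
    expected = MAGIC.get(name[dot:].lower()) if dot >= 0 else None
    if expected is None:
        return "unwatched"
    return "ok" if head.startswith(expected) else "bad-magic"

def scan_share(files: dict, alert_ratio: float = 0.2) -> dict:
    """files maps path -> leading bytes (read the first few KB of each file).
    Returns damaged paths with their entropy, plus a share-wide alert flag."""
    watched = suspicious = 0
    findings = {}
    for path, head in files.items():
        verdict = check_file(path, head)
        if verdict == "unwatched":
            continue
        watched += 1
        if verdict == "bad-magic":
            suspicious += 1
            findings[path] = round(shannon_entropy(head), 2)
    alert = watched > 0 and suspicious / watched >= alert_ratio
    return {"findings": findings, "alert": alert}

# Constructed sample: two intact documents, a .dwg overwritten with uniform bytes, a log.
SAMPLE_SHARE = {
    "finance/Q1-report.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 56,
    "finance/invoice-0042.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n" + b" " * 48,
    "drawings/site-plan.dwg": bytes(range(256)),
    "it/backup.log": b"2016-03-01 02:00 backup ok\n",
}
```

Running `scan_share(SAMPLE_SHARE)` flags only the .dwg (entropy 8.0) and raises the alert, since one of three watched documents is damaged; a scheduled run of this over a real share gives early warning of the mass encryption before the ransom note appears.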

Here’s the funny part, and the part that even we have difficulty with. When you pay them, they actually follow through and give you back (decrypt) your files. Why? Because if they didn’t, no one would pay the ransom, and that would be bad business, and believe me, this has become big business. Even the FBI recommends paying the ransom, and, no, they haven’t been able to localize these attacks, contrary to what you might see on “CSI: Cyber”.

The Catch: So that seems pretty evil, but not that hard, right? You just “pay the man” and get your files back, right? The catch is you have to pay in bitcoins. How many of you have bitcoin wallets just lying around? How many of you have a clue what a bitcoin is? Yeah, that’s what we thought. I can’t fully sit here and explain what a bitcoin is. It would just take too long and I wouldn’t do it justice, but I’ll try to give you an overview.

Bitcoins: Essentially, a Bitcoin is a form of currency that only exists digitally (on and off the internet). No paper money, no country, just a unit of “money” that fluctuates in value and changes hands on the internet like a real currency, only without the “paper trail” of banking. They are like cyber “cash”. You can purchase bitcoins with real money, but first you have to set up an online wallet (kinda like setting up a bank account), and then you have to transfer money to your wallet (usually via something like Western Union or a bitcoin ATM). The whole process is like setting up a stock market account or even purchasing a foreign currency, as that’s pretty much what you are doing. You set up the wallet, and then you transfer or fund the wallet with cash.

Why Bitcoins: Ahh, this is where it gets even more fun. Bitcoins are essentially anonymous. Once you transfer your hard-earned American dollars into bitcoins, they exist digitally in your wallet, and even though you may have used a form of ID to create your wallet, many people have not. So you pay the ransom, bitcoins transfer from your wallet to Joe Anonymous Bad Guy’s wallet…and they’re gone. Kinda like cash: once you pay for your hot dog, that dollar could go to the hot dog supplier, then to the trucking company, to the trucker, to the waitress at the all-night café, etc…Who knows where it goes? The difference is that the bitcoin can be transferred instantly across continents, across the globe, through a few bitcoin wallets, and eventually even back into cash via a bitcoin ATM.

So, Joe Bad Guy encrypts your files, you pay him, he decrypts your files, he closes that wallet, cashes out, and starts the whole process over again and again. It’s big business to the tune of $1 billion in 2016. So protect yourself and be safe out there.

Call us if you need some help!

Richline Technical Services is a Managed IT Services Provider headquartered in Corpus Christi, TX. We provide helpdesk and network management to small and medium businesses as well as consulting and network design services to large companies, city and county governments as well as school districts.

Josh Richline is one of the Owners of RTS and is certified by Microsoft, Citrix, ShoreTel, Sonicwall, Lifesize, Ruckus, US Sailing and others. He specializes in VoIP, large networking projects and sailing.

2 Comments

There is a straightforward solution, when you are bitten by ransomware: Wipe all persistent storage. Re-inflate the software environment. Restore the enterprise’s data.

If a business says they cannot do that, or are afraid of trying that, I see the larger problem. What would they do if, instead of ransomware, they had lost most of their servers to a fire or flood? If someone paid ransom, that should serve as warning that they are not prepared for disasters that lack such an easy out.

I agree, Russell. The best defense is a good backup. Knock on wood, we’ve never had a customer lose a byte of data to ransomware. The only people we’ve had to fight with ransomware were people who had to find us because of their ransomware issues…and you guessed it, they probably didn’t have reliable backups. Think we’ve only had one or two customers actually get a ransomware infection, and for those we simply took the machine offline and restored from the last backup before the infection, which, since most of our customers back up every hour, would have meant at most 1 hour of lost work. And in all cases I’ve seen, a reinstallation of software wasn’t necessary…only a restoration of data.